Tuesday, November 29, 2011

"A couple of weeks ago, Brian Glass
posted a very helpful comment, Forensic Toolkit v3 Tips and Tricks — on a
Budget. His comment focused on how to “get close to SSD performance on
the cheap” and he discussed the practice of partitioning a large hard
drive, but using only the outer sectors of the platter, and frequent
defragmentation. In my comment, today, I want to encourage readers to
adopt Glass’ advice, and, if you have the budget, to consider a few
other enhancements to improve performance..."

"In my first post several weeks ago, I
discussed some of the special obligations that digital forensics
investigators may have while in the employ of a lawyer. I elaborated
briefly on the duty to zealously guard the attorney-client privilege, to
correctly apply the work product doctrine, and to conduct
investigations in a way that does not compromise the integrity of the
case or the rights, privileges, or immunities of the retaining party. In
this second part of the series, I will explore another important factor
for consideration by examiners: the legality of investigative
techniques..."

"iPhoneTracking is sexy! Every mobile
forensic suite, at least the ones dealing with iPhones, is providing it
proudly. iPhoneTracking also has been a hot topic in the media all
around the globe. People stated that there is a way to display every
step of an iPhone user ever since the device got bought. Hmm...sounds
great for all kinds of investigations! Let’s see..."

"Let’s see what Pattern Lock is, how to
access, determine or even get rid of it? We’ll also speak about
Password Lock Protection and find out what it has in common with Pattern
Lock. And finally we’ll try to understand how these locks are related
to the forensic investigation process. Generally, pattern lock is a set of
gestures that a phone user performs to unlock his smartphone when he needs
to use it. It seems to be complicated, but actually it is not..."

"The EDRM (Electronic Discovery
Reference Model) is a widely accepted workflow, which guides those
involved in eDiscovery. Typically, the identification and collection
phases see email and common office documents harvested, but as
technology moves forward, is this enough? Many of us are experiencing a
rise in audio discovery projects using solutions including phonetics and
speech to text. In time this is likely to move onto rich media, in
particular video. As a forensic analyst, I know only too well the
variety of different data sources which are overlooked in electronic
disclosure exercises, yet I appreciate the strong argument of
proportionality. Nevertheless, it is relatively straightforward to
circumvent some proportionality claims with the appropriate skill sets
and techniques. Throughout this article I will discuss proof of concept
solutions dealing with Skype in eDiscovery..."

"While researching FTK 3X and Oracle,
you just recently discovered that the best configuration of your Oracle
database would be on a solid state drive (SSD). Solid state drives give
the maximum level of performance to Oracle databases and in turn speed
up your FTK 3X responsiveness. You are a conscientious analyst and
decide to try reinstalling your database on an SSD. You approach your
boss, who is not a techno geek, and ask him to purchase a 256GB high
performance SSD..."

"Anonymous, a word which
Merriam-Webster describes as: of unknown authorship or origin, not named
or identified, or lacking individuality, distinction, or
recognizability. There are some in this world that wish to remain
anonymous, not named or identified. Sure, I am one of these people, but I
have my reasons. With the work that I do, clinging to my anonymity is
how I keep myself safe, out of harm’s way. There are many people that
would like to see me hang for what I’ve uncovered about them..."